I am trying to figure out what the equivalent is for Python and more particularly pymssql. I realize that I could just do string formatting; however, that doesn't seem to handle escaping properly like a parameter does (I could be wrong on that).

Excellent question and answers. Does anyone know how to use NAMED parameters like Jason has above? So far I've only been able to use %s, %d type of stuff (positional).
– Michael Kennedy, Dec 5 '13 at 18:49

Don't be fooled by the %s part: this is NOT string formatting, it's parameter substitution (different DB API modules use different syntax for parameter substitution -- pymssql just happens to use the unfortunate %s!-).

Damn this misleading %s syntax! I just spent an hour trying to understand why my code complained about an attempt to use %d for specifying an int parameter. I was led to think that it's the Python formatting that's in use here.
– Passiday, Oct 5 '13 at 8:58
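The difference between string formatting and parameter substitution discussed above, as an added example that is not part of the original posts. It assumes the standard-library `sqlite3` module as a stand-in so it runs without a SQL Server; `sqlite3` writes placeholders as `?` and `:name`, where pymssql (paramstyle `pyformat`) writes `%s` and `%(name)s`. The table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("O'Brien",)])
    return conn


def find_formatted(conn, name):
    """UNSAFE: the % operator pastes the value into the SQL text itself."""
    sql = "SELECT name FROM users WHERE name = '%s' ORDER BY id" % name
    return [row[0] for row in conn.execute(sql)]


def find_bound(conn, name):
    """Positional parameter: the value is passed separately from the SQL.
    pymssql form: cursor.execute("... WHERE name = %s", (name,))"""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]


def find_named(conn, name):
    """Named parameter: the value is looked up by key in a dict.
    pymssql form: cursor.execute("... WHERE name = %(name)s", {"name": name})"""
    sql = "SELECT name FROM users WHERE name = :name ORDER BY id"
    return [row[0] for row in conn.execute(sql, {"name": name})]


if __name__ == "__main__":
    conn = make_db()
    quoted = "x' OR '1'='1"  # constructed input containing a quote
    print("formatted:", find_formatted(conn, quoted))  # WHERE clause is rewritten
    print("bound:    ", find_bound(conn, quoted))      # treated as a literal name
    print("named:    ", find_named(conn, "O'Brien"))   # apostrophe needs no escaping
    try:
        find_formatted(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("formatted with apostrophe fails:", exc)
```
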